Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add IDA plugins to default configuration #593

Closed
Ana06 opened this issue May 7, 2024 · 6 comments · Fixed by #594
Closed

Add IDA plugins to default configuration #593

Ana06 opened this issue May 7, 2024 · 6 comments · Fixed by #594
Assignees
@Ana06
Labels
💎 enhancement It is working, but it could be better ❔ discussion Further discussion is needed

Comments

@Ana06
Copy link
Member

Ana06 commented May 7, 2024

Details

At the moment, the only IDA plugin we have in the default configuration is capa explorer. This is nice as when you install IDA Pro, it detects the Python3 installation and the capa explorer plugin is available without any extra steps. We have recently added some more IDA plugins to VM-Packages that we could add to the FLARE-VM default configuration too:

  1. https://github.com/A200K/IDA-Pro-SigMaker
  2. https://github.com/danigargu/deREferencing
  3. https://github.com/gaasedelen/lighthouse
  4. https://github.com/hasherezade/ida_ifl
  5. https://github.com/airbus-cert/comida

@mandiant/flare-vm opinions on which ones we should add to the default config?
@Ana06 Ana06 added 💎 enhancement It is working, but it could be better ❔ discussion Further discussion is needed labels May 7, 2024
@Ana06 Ana06 self-assigned this May 7, 2024
@thejoelpatrol
Copy link

I would like to see these four, especially the shellcode hashes:
https://github.com/mandiant/flare-ida/tree/master/plugins

A big priority for me would also be the MSDN documentation annotator:
https://github.com/mandiant/flare-ida/blob/master/python/flare/annotate_IDB_MSDN.py
That one does rely on a database file which would probably contain copyrighted material so it's a little more complicated. It's also not structured as a plugin, but as a script.

@Ana06 Ana06 mentioned this issue May 7, 2024
Closed
@Ana06
Copy link
Member Author

Ana06 commented May 7, 2024

@thejoelpatrol thanks for the feedback. I was asking in this issue about the already created packages, as we would just need to add them to the config. I have created a new issue in VM-Packages to discuss the addition of flare-ida (so that we keep the discussions separated): mandiant/VM-Packages#1032

@mr-tz
Copy link
Contributor

mr-tz commented May 8, 2024

I vote to add comida.

@Ana06
Copy link
Member Author

Ana06 commented May 13, 2024

Two more candidates that are being currently added:

@Ana06
Copy link
Member Author

Ana06 commented May 13, 2024
edited
Loading

I have been testing the plugins and I would like to add:

  • ida.plugin.dereferencing.vm
  • ida.plugin.flare.vm
  • ida.plugin.comida.vm
  • ida.plugin.ifl.vm

@mandiant/flare-vm anything against it? any other package you would like to get added?

@mr-tz
Copy link
Contributor

mr-tz commented May 13, 2024

no concerns on my side, thanks

@Ana06 Ana06 mentioned this issue May 13, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Ana06 Ana06

Labels
💎 enhancement It is working, but it could be better ❔ discussion Further discussion is needed
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[config] Add Resource Hacker and IDA plugins Ana06/flare-vm
3 participants
@thejoelpatrol @Ana06 @mr-tz